
1151 matches found

OSV
added 2015/07/06 12:14 p.m. | 2 views

USN-2658-1 php5 vulnerabilities

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598...

CVSS 10 | AI score 7.1 | EPSS 0.50129 | Exploits 19 | References 20

OSV
added 2015/07/02 12:0 a.m. | 0 views

UBUNTU-CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration...

CVSS 5.3 | AI score 6.8 | EPSS 0.04095 | Exploits 0 | References 4

RedHat Linux
added 2015/06/25 8:43 a.m. | 1 view

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 6.5 | AI score 7.2 | EPSS 0.03439 | Exploits 1 | References 4

RedHat Linux
added 2015/06/25 8:43 a.m. | 1 view

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 5.3 | AI score 7.2 | EPSS 0.04017 | Exploits 1 | References 4

RedHat Linux
added 2015/06/25 8:43 a.m. | 6 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 7.5 | AI score 7.2 | EPSS 0.03843 | Exploits 0 | References 4

RedHat Linux
added 2015/06/25 8:31 a.m. | 1 view

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 6.5 | AI score 7.2 | EPSS 0.03439 | Exploits 1 | References 4

RedHat Linux
added 2015/06/25 8:31 a.m. | 0 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 7.5 | AI score 7.2 | EPSS 0.03843 | Exploits 0 | References 4

CNVD
added 2015/06/24 12:0 a.m. | 2 views

PHP null pointer has multiple security restriction bypass vulnerabilities

PHP is a general-purpose scripting language. A security vulnerability exists in PHP because multiple extensions are missing null byte checks on the path parameter of certain functions. Remote attackers who exploit this vulnerability could make PHP scripts access arbitrary...

CVSS 5.3 | AI score 6.7 | EPSS 0.04017 | Exploits 1 | References 1

RedHat Linux
added 2015/06/23 8:11 a.m. | 2 views

php: move_uploaded_file() NUL byte injection in file name

It was found that the PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 5 | AI score 6.7 | EPSS 0.08653 | Exploits 2 | References 4

RedHat Linux
added 2015/06/23 8:11 a.m. | 2 views

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 6.5 | AI score 7.2 | EPSS 0.03439 | Exploits 1 | References 4

RedHat Linux
added 2015/06/23 8:11 a.m. | 1 view

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 5.3 | AI score 7.2 | EPSS 0.04017 | Exploits 1 | References 4

RedHat Linux
added 2015/06/23 8:11 a.m. | 0 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 7.5 | AI score 7.2 | EPSS 0.03843 | Exploits 0 | References 4

CNVD
added 2015/06/23 12:0 a.m. | 3 views

PHP Null Pointer Reference Limit Bypass Vulnerability

PHP is a general-purpose scripting language. A security vulnerability exists in PHP because multiple extensions are missing a null byte check on the path parameter of certain functions, which allows remote attackers to bypass target file system access restrictions and acces...

CVSS 6.5 | AI score 6.8 | EPSS 0.03439 | Exploits 1 | References 1

CNVD
added 2015/06/23 12:0 a.m. | 4 views

PHP DOM and GD Extension Limit Bypass Vulnerability

PHP is a general-purpose scripting language. A security vulnerability exists in the PHP DOM and GD extensions due to a missing null byte check for paths in the program. Remote attackers who exploit the vulnerability could bypass target file system access restrictions and access arbitrary...

CVSS 7.5 | AI score 6.6 | EPSS 0.03843 | Exploits 0 | References 1

OSV
added 2015/06/23 12:0 a.m. | 1 view

UBUNTU-CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) t...

CVSS 6.5 | AI score 6.9 | EPSS 0.03439 | Exploits 1 | References 5

CNVD
added 2015/06/09 12:0 a.m. | 3 views

SysAid Help Desk Arbitrary File Upload Vulnerability

SysAid Help Desk is a suite of Web-based IT management software. SysAid Help Desk fails to check file extensions, allowing remote attackers to upload and execute arbitrary files by submitting extensions containing null bytes...

CVSS 6.8 | AI score 7.6 | EPSS 0.33791 | Exploits 10 | References 1

OSV
added 2015/06/09 12:0 a.m. | 1 view

UBUNTU-CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1)...

CVSS 7.5 | AI score 7.2 | EPSS 0.20233 | Exploits 0 | References 3

OSV
added 2015/06/09 12:0 a.m. | 1 view

UBUNTU-CVE-2015-4026

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...

CVSS 7.5 | AI score 7.2 | EPSS 0.1918 | Exploits 1 | References 3

Prion
added 2015/06/08 2:59 p.m. | 9 views

Design/Logic Flaw

The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file...

CVSS 6.8 | AI score 7.6 | EPSS 0.33791 | Exploits 10 | References 7 | Affected Software 1

RedHat Linux
added 2015/06/04 8:2 a.m. | 0 views

php: move_uploaded_file() NUL byte injection in file name

It was found that the PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 5 | AI score 6.7 | EPSS 0.08653 | Exploits 2 | References 4